XSS injection analysis of web vulnerabilities

XSS injection vulnerability

1. Reflected XSS injection

Cause of the vulnerability: user-submitted content is not reliably validated before it is reflected back into the page (sensitive strings are not filtered, and the output is not encoded).

Next, we write a web page that contains a reflected XSS vulnerability.

a. Writing an XSS-vulnerable web page in PHP

Code in xss.php

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>xss</title>
    <script>
        // Sets a cookie that expires in 30 days; it exists only so that a
        // successful injection has something to read from document.cookie.
        function setCookie(name, value)
        {
            var Days = 30;
            var exp = new Date();
            exp.setTime(exp.getTime() + Days*24*60*60*1000);
            document.cookie = name + "=" + escape(value) + ";expires=" + exp.toGMTString();
        }
        setCookie("xssCookie", "xssValue");
    </script>
</head>
<body>
    <h1>Reflective xss</h1>
    <form action="/xss.php" method="get">
        <input type="text" name = "xss1">
        <input type="submit" value = "test">
    </form>
    
</body>
</html>

<?php
    // Suppress the "undefined index" notice when xss1 is absent.
    error_reporting(0);
    $xss = $_GET['xss1'];
    if($xss !== null){
        // Deliberately vulnerable: the parameter is echoed into the page
        // without any validation or HTML encoding.
        echo $xss;
    }
?>

Code in index.php

<?php
    $xss = $_GET['xss'];
    if($xss !== null){
        echo $xss;
    }
    else{
        echo "failed";
    }
?>

Result of running it:

We test whether an XSS vulnerability is present:

Input:

If the vulnerability exists, the result is as shown in the figure:

b. Reflected XSS injection in DVWA (medium level)

Method 1: Case bypass

Method 2: Double-write bypass

script>alert("xss");

Analysis:

Case bypass: the code uses the str_replace function, which is case-sensitive, but
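To make the point of the analysis concrete, here is an added example (not code from the original page or from DVWA) that puts the blacklist-style filter described above, a single case-sensitive str_replace of "<script>", next to the actual fix, HTML output encoding, and runs both over constructed inputs that mirror the case and double-write methods. The function names, the sample inputs and the containsRawTag check are assumptions of this example.

```php
<?php
// Added example, not part of the original page. Compares a weak blacklist
// filter with context-aware output encoding for a reflected parameter.
declare(strict_types=1);

// Weak: removes the literal lowercase "<script>" exactly once.
// Anything that differs in case, or that re-forms a tag after one
// removal, passes straight through (this is what the analysis describes).
function weakFilter(string $input): string
{
    return str_replace('<script>', '', $input);
}

// Hardened: encode for an HTML text context. Every < > & " ' becomes an
// entity, so the browser never parses user input as markup, whatever
// case or nesting the input uses.
function renderForHtml(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Check a reviewer can apply to rendered output: no raw tag opener may survive.
function containsRawTag(string $rendered): bool
{
    return preg_match('/<\s*\/?\s*[a-z]/i', $rendered) === 1;
}

// Constructed inputs (not taken from the page): a benign value, the plain
// lowercase tag, a case-varied tag, and a tag re-formed after one removal.
$samples = [
    'plain'       => 'hello',
    'lowercase'   => '<script>alert(1)</script>',
    'case-varied' => '<ScRiPt>alert(1)</ScRiPt>',
    'nested'      => '<scr<script>ipt>alert(1)</script>',
];

foreach ($samples as $label => $value) {
    $weak = weakFilter($value);
    $safe = renderForHtml($value);
    printf("%-12s weak: %-45s raw tag? %s\n", $label, $weak, containsRawTag($weak) ? 'yes' : 'no');
    printf("%-12s safe: %-45s raw tag? %s\n", '', $safe, containsRawTag($safe) ? 'yes' : 'no');
}
```

Run it with the PHP CLI; only the "plain" and "lowercase" inputs come out of weakFilter without a raw tag, while renderForHtml reports no raw tag for any input, which is why the fix is to encode on output rather than to strip known strings.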